Bleeding Edge Threats Projects
This page indexes the projects hosted at, or closely connected with and supported by, the Bleeding Edge Threats Community. We highly encourage you to use and support these projects; they are all maintained by Bleeding Snort Community members and/or admins.
Written by William Metcalf, this tool simplifies PCAP file rotation and data retrieval from sensors where tcpdump is run in ring-buffer mode.
FauxDNS is written and maintained by RobertDanford. It is a DNS faking program that allows you to control the IPs returned for certain or all DNS lookups. This is very useful in sandbox environments, DNS sinkholes, and a wide variety of other situations. It is adapted and greatly expanded from a script originally included in the Truman Kit by Joe Stewart.
More information is available at FauxDNS.
Remote BHO Scanner
This project allows you to scan a large number of Windows systems quickly for installed BHOs (Browser Helper Objects). It is very informative, very fast, and very accurate. The tool is very useful for finding rogue spyware installs across a large network. It uses the BHO listings from CastleCops. Thanks to them for maintaining that list.
DavidGlosser maintains this project.
remotebhoscan0.10.zip
The BlackHoleDNS project creates and maintains a listing of domains that are known to be used to propagate and manage spyware and malware. This project creates the BIND and Windows zone files required to serve fake replies for any requests to these domains, thus preventing many spyware installs and reporting.
A BlackholeDNSWhitePaper by David Glosser is available.
DNS-BH File Downloads
DNS-BH CVS Repository
This project is maintained by David Glosser.
Spyware Listening Post
The goal of the SpywareListeningPost is to build a self-sustaining spyware prevention and detection framework. We are accomplishing this by using existing tools such as the BlackHoleDNS project, the User-Agents project, and our existing Bleeding Edge Threats Spyware Signatures (BleedingMalware). Hits from spyware infections are fed to a database and analyzed; new patterns and techniques are immediately recognized and new signatures are added to the ruleset. This project results in at least 10 new spyware signatures a week.
This project is maintained by Matt Jonkman.
Project Page -- SpywareListeningPost
There is a public mailing list available here:
http://lists.bleedingthreats.net/mailman/listinfo/listeningpost
Users wishing to be volunteer analysts for the data collected should subscribe to this list:
http://lists.bleedingthreats.net/mailman/listinfo/lp-analysts
Note: An interface to allow general access to the sanitized data is underway.
The Snort BaitnSwitch Project was written by WillMetcalf and VictorJulien. This tool can be used to redirect hostile traffic in real time to a honeypot or decoy net.
More information is available here: BaitnSwitch.
Download Here
This project is maintained by Will Metcalf and Victor Julien.
Snort.conf Samples Project
The goal of this project is to make a set of sample snort.conf files. These will represent installs of Snort of different sizes and with different goals. We do not intend to provide snort.conf files that you can use without modification or understanding, but guides to help you benefit from the experience of the community as a whole. The discussion to create these configuration files will occur on the bleeding-sigs list. The files for this project will be stored here:
http://www.bleedingthreats.net/snort.conf/
Project Page -- SnortConfSamples
CVS Repository
This project is maintained by JamesMcQuaid.
SEC Rules
This is just a collection of rules that folks using SEC (Simple Event Correlator) are using. We welcome your contributions of those you can share. SEC is a very powerful tool. You can learn more about it here: http://kodu.neti.ee/~risto/sec/
This project is maintained by Matt Jonkman.
Rulesets Available Here:
http://www.bleedingthreats.net/sec/
NOTE: The SnortClamAV project is no longer hosted at Bleeding Edge Threats.
The SnortClamAV project patched Snort to use the ClamAV virus database to alert on and/or block viruses at the network level. This project was maintained by William Metcalf and Victor Julien.
CoreMark Snort Test Suite
This project has a primary goal of building and maintaining a test suite. This suite will be used to test Snort rules and rulesets for performance impact and accuracy (false positives and negatives). Snort performance on different platforms and hardware will be measurable as well. This project was started by the generous donation of a privately developed test suite by the engineers at Sensory Networks (http://www.sensorynetworks.com). They continue to be core developers of the project.
CVS Interface
http://www.bleedingthreats.net/cgi-bin/viewcvs.cgi/?root=Coremark-Tools
Project Page -- CoreMark
Spyware User-Agents List
The Spyware User-Agents project is a list of User-Agent strings used by common spyware, malware, viruses, etc. The intention is to allow you to block these in proxy servers, write Snort signatures from them, or identify unknown code. This project is currently dormant.
SPADE
SPADE (Statistical Packet Anomaly Detection Engine) is a project built years ago by Silicon Defense. It was left abandoned for a long time. Simon Bliles has revived the project and is beginning the long journey of modernizing and securing the code.
There is a working version in CVS.
This project is maintained by Simon Bliles.
SPADE CVS Web Interface
A number of patches for snort and related projects are located here:
http://www.bleedingthreats.net/patches/